Chapter One – Cyber Security
It seems people in the IT Space are either 100% engaged on cyber security, or 100% disengaged and take the adage of either that’s someone else’s problem, or it won’t happen to me. I’m not here to change anyone’s mind, I just want to state some facts and provide a simple strategy that can act as a starting point for your business or organization.
So, let’s just state some facts:
- If you’re connected to the Internet your mission critical systems, if they are digital, can never be made fully safe, that’s just the hard truth.
- On average it takes up to 200 days to discover a breach in a corporate network, and this is due to complexities.
- Cyber security breaches are now commonplace, and, for example, ransomware is now a billon dollar industry, you can just read some of the following stories to get context:
- Now, the light at the end of the tunnel, even if it’s a little dim. By deploying a “proper” cyber hygiene ecosystem, you will be able to protect your self from well over 90% of attacks, those last 10%, those are the bad ones…those are the Advanced Persistent Threats, those are the nation states that are attacking large organizations, critical infrastructure (hello Colonial Pipelines) or government departments.
So let’s talk about what we have control of, our cyber hygiene, literally five steps an organization can take to protect themselves from the threats that represent that 90 to 95% of bad actors.
- Have a proper inventory of the hardware and software in your organization and monitor it – you can use a Managed Services provider like Oxygen, that have the tools to do this for you, or you can purchase them, but make sure you’re watching and listening for changes to the environment.
- Have a proper intrusion protection service (IPS) other wise known as a Next Generation firewall. This protects the perimeter. Oxygen leads with Sonicwall and Cisco solutions, but whatever you use, make sure it has IPS in it. You also need End Point Detection and Response (EDR,) this is how you protect your endpoints, but don’t just settle on EDR, Oxygen, in partnership with Kaspersky, provides a Managed Endpoint Detection and Response solution. An MDR steps up the game for EPP, it provides a managed response to any threats encountered within the environment.
- Training – we need to make sure your employees understand that they are fundamental in the protection of our critical assets, data. By providing cyber training to our staff, we are taking steps to protect ourselves from the easiest point of entry for the bad actors, our employees. Oxygen uses KnowBe4 for creating training campaigns for our clients.
- Air gaps – we need to create air gaps between our critical workloads, virtually segmenting them from each other. Oxygen’s first workload that we air gap are the backups, making sure that the backups are situated within a segmented environment, away from the operational network.
- Finally we need to build a staff or team of professionals, either internally, or through a service provider to watch, and react to all of the above.
If you have any questions on how to implement a cyber hygiene ecosystem within your environment, just reach out to the Team at Oxygen.